Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7559910f by security tracker role at 2018-08-24T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-15867
+       RESERVED
+CVE-2018-15866
+       RESERVED
+CVE-2018-15865
+       RESERVED
 CVE-2018-15864
        RESERVED
 CVE-2018-15863
@@ -272,8 +278,8 @@ CVE-2018-15730
        RESERVED
 CVE-2018-15729
        RESERVED
-CVE-2018-15728
-       RESERVED
+CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated 
users can ...)
+       TODO: check
 CVE-2018-15727
        RESERVED
 CVE-2018-1999047 (A improper authorization vulnerability exists in Jenkins 
2.137 and ...)
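Review bot: `TODO: check` on the new CVE-2018-15728 line leaves the entry untriaged. The description names Couchbase Server, so it should be resolved to either a `NOT-FOR-US:` line, as this file does for other software that is not in Debian, or a source-package line with a status, rather than staying an open TODO.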
@@ -535,8 +541,7 @@ CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input 
file 0x50 0x36 0x36 0x
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1255
 CVE-2018-15606
        RESERVED
-CVE-2018-15605 [PMASA-2018-5]
-       RESERVED
+CVE-2018-15605 (An issue was discovered in phpMyAdmin before 4.8.3. A 
Cross-Site ...)
        - phpmyadmin <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2018-5/
        NOTE: Introduced by: 
https://github.com/phpmyadmin/phpmyadmin/commit/9404287ac09415b627b6fa68c7d04a13f7ef41e2
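Review bot: on CVE-2018-15605 the new description reads "phpMyAdmin before 4.8.3", while the retained package line is the suite-independent `- phpmyadmin <not-affected> (Vulnerable code introduced later)`. It is worth confirming that the commit cited in the `Introduced by:` note is newer than every phpmyadmin version in the archive; if it is not, the status should be split per suite.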
@@ -557,6 +562,7 @@ CVE-2018-15601 (apps/filemanager/handlers/upload/drop.php 
in Elefant CMS 2.0.3 p
 CVE-2018-15600
        RESERVED
 CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in 
Dropbear ...)
+       {DLA-1476-1}
        - dropbear <unfixed> (bug #906890)
        [stretch] - dropbear <no-dsa> (Minor issue)
        [jessie] - dropbear <no-dsa> (Minor issue)
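Review bot: the added `{DLA-1476-1}` on CVE-2018-15599 sits above an unchanged `[jessie] - dropbear <no-dsa> (Minor issue)` line. If DLA-1476-1 ships a dropbear fix for jessie, that no-dsa line is now stale and should be dropped or replaced with the fixed version, so the entry does not describe the same suite as both unhandled and covered by an advisory.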
@@ -796,10 +802,10 @@ CVE-2018-15538
        RESERVED
 CVE-2018-15537
        RESERVED
-CVE-2018-15536
-       RESERVED
-CVE-2018-15535
-       RESERVED
+CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager 
before ...)
+       TODO: check
+CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager 
before ...)
+       TODO: check
 CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility 
of ...)
        NOT-FOR-US: Geutebrueck
 CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in 
Geutebrueck ...)
@@ -873,8 +879,8 @@ CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in 
libgit2 before 0.26.6 and
        NOTE: 
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
 CVE-2018-15500
        RESERVED
-CVE-2018-15499
-       RESERVED
+CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, 
allow ...)
+       TODO: check
 CVE-2018-15498
        RESERVED
 CVE-2018-15497
@@ -1668,8 +1674,7 @@ CVE-2018-15122 (An issue found in Progress Telerik 
JustAssembly through 2018.1.3
        NOT-FOR-US: Telerik
 CVE-2018-15121
        RESERVED
-CVE-2018-15120 [denial of service by emoji (assertion failure)]
-       RESERVED
+CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other 
...)
        - pango1.0 1.42.4-1 (low)
        [stretch] - pango1.0 <not-affected> (Vulnerable code not present)
        [jessie] - pango1.0 <not-affected> (Vulnerable code not present)
@@ -2852,16 +2857,13 @@ CVE-2018-14608 (Thomson Reuters UltraTax CS 2017 on 
Windows has a password prote
        NOT-FOR-US: Thomson Reuters UltraTax CS 2017
 CVE-2018-14607 (Thomson Reuters UltraTax CS 2017 on Windows, in a 
client/server ...)
        NOT-FOR-US: Thomson Reuters UltraTax CS 2017
-CVE-2018-14600 [Out of boundary write]
-       RESERVED
+CVE-2018-14600 (An issue was discovered in libX11 through 1.6.5. The function 
...)
        - libx11 2:1.6.6-1
        NOTE: 
https://gitlab.freedesktop.org/xorg/lib/libx11/commit/dbf72805fd9d7b1846fe9a11b46f3994bfc27fea
-CVE-2018-14599 [Off-by-one writes]
-       RESERVED
+CVE-2018-14599 (An issue was discovered in libX11 through 1.6.5. The function 
...)
        - libx11 2:1.6.6-1
        NOTE: 
https://gitlab.freedesktop.org/xorg/lib/libx11/commit/b469da1430cdcee06e31c6251b83aede072a1ff0
-CVE-2018-14598 [Crash on invalid reply]
-       RESERVED
+CVE-2018-14598 (An issue was discovered in XListExtensions in ListExt.c in 
libX11 ...)
        - libx11 2:1.6.6-1
        NOTE: 
https://gitlab.freedesktop.org/xorg/lib/libx11/commit/e83722768fd5c467ef61fa159e8c6278770b45c2
 CVE-2018-14606 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
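Review bot: for CVE-2018-14600 and CVE-2018-14599 the replacement descriptions are cut at the same point ("An issue was discovered in libX11 through 1.6.5. The function ..."), so the list no longer tells the two apart, whereas the removed placeholders `[Out of boundary write]` and `[Off-by-one writes]` did. Keeping that short classification in a `NOTE:` line on each entry, next to the commit URL, would preserve the distinction for anyone reading the file directly.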
@@ -10050,8 +10052,8 @@ CVE-2018-11751
        RESERVED
 CVE-2018-11750
        RESERVED
-CVE-2018-11749
-       RESERVED
+CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at 
login ...)
+       TODO: check
 CVE-2018-11748
        RESERVED
 CVE-2018-11747
@@ -11935,16 +11937,16 @@ CVE-2018-11067
        RESERVED
 CVE-2018-11066
        RESERVED
-CVE-2018-11065
-       RESERVED
+CVE-2018-11065 (The WorkPoint component, which is embedded in all RSA Archer, 
versions ...)
+       TODO: check
 CVE-2018-11064
        RESERVED
 CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple 
unquoted ...)
        NOT-FOR-US: Dell WMS
 CVE-2018-11062
        RESERVED
-CVE-2018-11061
-       RESERVED
+CVE-2018-11061 (RSA NetWitness Platform versions prior to 11.1.0.2 and RSA 
Security ...)
+       TODO: check
 CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an 
authorization bypass ...)
        NOT-FOR-US: RSA Archer
 CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored 
cross-site ...)
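Review bot: CVE-2018-11065 is marked `TODO: check` although its description places the WorkPoint component inside RSA Archer, and CVE-2018-11060 a few lines below is already `NOT-FOR-US: RSA Archer`. Triaging CVE-2018-11065 the same way, and deciding CVE-2018-11061 (RSA NetWitness Platform) in the same pass, would keep this block consistent.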
@@ -37806,8 +37808,8 @@ CVE-2018-1757
        RESERVED
 CVE-2018-1756
        RESERVED
-CVE-2018-1755
-       RESERVED
+CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote 
attacker ...)
+       TODO: check
 CVE-2018-1754
        RESERVED
 CVE-2018-1753
@@ -37872,8 +37874,8 @@ CVE-2018-1724
        RESERVED
 CVE-2018-1723
        RESERVED
-CVE-2018-1722
-       RESERVED
+CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could 
allow ...)
+       TODO: check
 CVE-2018-1721
        RESERVED
 CVE-2018-1720
@@ -37918,8 +37920,8 @@ CVE-2018-1701
        RESERVED
 CVE-2018-1700
        RESERVED
-CVE-2018-1699
-       RESERVED
+CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to 
SQL ...)
+       TODO: check
 CVE-2018-1698
        RESERVED
 CVE-2018-1697
@@ -57476,16 +57478,16 @@ CVE-2017-12579 (An insecure suid wrapper binary in 
the HashiCorp Vagrant VMware
        NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-12578
        RESERVED
-CVE-2017-12577
-       RESERVED
-CVE-2017-12576
-       RESERVED
-CVE-2017-12575
-       RESERVED
-CVE-2017-12574
-       RESERVED
-CVE-2017-12573
-       RESERVED
+CVE-2017-12577 (An issue was discovered on the PLANEX CS-QR20 1.30. A 
hardcoded ...)
+       TODO: check
+CVE-2017-12576 (An issue was discovered on the PLANEX CS-QR20 1.30. A hidden 
and ...)
+       TODO: check
+CVE-2017-12575 (An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The 
router ...)
+       TODO: check
+CVE-2017-12574 (An issue was discovered on PLANEX CS-W50HD devices with 
firmware ...)
+       TODO: check
+CVE-2017-12573 (An issue was discovered on PLANEX CS-W50HD devices with 
firmware ...)
+       TODO: check
 CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk 
Enterprise 6.5.x ...)
        NOT-FOR-US: Splunk
 CVE-2017-12571
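Review bot: the five new CVE-2017-12577 to CVE-2017-12573 descriptions all name hardware devices (PLANEX CS-QR20, NEC Aterm WG2600HP2, PLANEX CS-W50HD), yet each carries its own `TODO: check`. They can be triaged in one pass; if none maps to a Debian source package, use `NOT-FOR-US:` with the vendor or product name, as the neighbouring `NOT-FOR-US: Splunk` and `NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin` lines do.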
@@ -60314,10 +60316,10 @@ CVE-2017-11566 (AppUse 4.0 allows shell command 
injection via a proxy field. ...
 CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of 
confidentially due ...)
        - pagure <itp> (bug #829046)
        NOTE: https://pagure.io/pagure/pull-request/2426
-CVE-2017-11564
-       RESERVED
-CVE-2017-11563
-       RESERVED
+CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple 
command ...)
+       TODO: check
+CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code 
...)
+       TODO: check
 CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks 
...)
        NOT-FOR-US: MT4 SenhaSegura
 CVE-2017-11561



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7559910ffec51f7b9e78c78e15df69466d6066a0
